HeiBuddyLoading...
HeiBuddyCreated Date: 01st January 2026
Last Updated On: 21st April 2026
For the purposes of these Terms, the following capitalised terms carry the meanings assigned below. Headings are for convenience only and do not affect interpretation.
1.1 “Account” — a registered user profile on the Platform, authenticated by a verified phone number, one-time password (OTP), and (where applicable) multi-factor authentication.
1.2 “AI Features” — any feature of the Platform that uses artificial-intelligence, machine-learning, large-language-model, automatic-speech-recognition, text-to-speech, natural-language-understanding, recommendation, or autonomous-agent components, including the HeiBuddy voice assistant, Smart Meal, and related capabilities.
1.3 “Applicable Law” — all statutes, regulations, rules, directives, orders, judgments, and binding regulatory guidance in force from time to time in any jurisdiction in which the Platform is offered or accessed, including those listed in Section 19.
1.4 “Biometric Data” — data resulting from specific technical processing relating to an individual’s physical, physiological, or behavioural characteristics — including voiceprints, voice audio signatures, facial geometry, and fingerprint templates — which allow or confirm unique identification. Biometric Data is treated as Sensitive Personal Data.
1.5 “Consumer” — a natural person who accesses or uses the Platform primarily for personal, family, or household purposes.
1.6 “Content” — any text, audio, voice recording, image, video, file, metadata, review, prompt, or other material transmitted to, through, or from the Platform.
1.7 “Delivery Partner” / “Runner” — an independent contractor (individual or entity) that performs last-mile fulfilment, rides, pickups, or deliveries in connection with Platform Services.
1.8 “Merchant” / “Service Provider” / “Partner” — any restaurant, retailer, pharmacy, hospital, clinic, registered medical practitioner, transport aggregator, financial-service provider, advertiser, or other third party offering goods, services, or content through the Platform.
1.9 “Personal Data” — any data relating to an identified or identifiable natural person, as defined under the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”), the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and equivalent laws.
1.10 “Platform Services” — technology-enabled discovery, orchestration, booking, payment-facilitation, routing, notification, AI, and customer-support capabilities provided by Yugasys. Platform Services do not include the underlying goods or services provided by Merchants, Delivery Partners, or medical professionals.
1.11 “Sensitive Personal Data” — Personal Data that, under Applicable Law, requires heightened protection, including financial information, health information, Biometric Data, genetic data, religious/caste/tribe/political beliefs, sexual orientation, children’s data, and other categories defined as “Sensitive Personal Data or Information” (SPDI) under the SPDI Rules 2011, “special category data” under the GDPR/UK GDPR, and analogous definitions under other Applicable Law.
1.12 “User” / “you” — any natural person who accesses the Platform, whether as a registered Consumer, Partner representative, Delivery Partner, visitor, or agent.
1.13 All other capitalised terms have the meanings assigned to them within these Terms, the Privacy Policy, or the applicable Schedule.
2.1 Minimum age. You must be at least 18 years old to register an Account and transact independently on the Platform. Certain features (e.g., financial services, pharmacy, mobility, adult-only commerce) may require higher minimum ages under Applicable Law.
2.2 Minors. Where a person under the age of 18 (or, in the EEA, under the applicable digital-consent age between 13 and 16 as set by the relevant Member State; or, in the US, under 13 for COPPA purposes) accesses the Platform, such access is permitted only under the supervision of a parent or lawful guardian who has provided verifiable parental consent as required under the DPDP Act, COPPA, GDPR Article 8, and other Applicable Law.
2.3 No targeted processing of children. In line with the DPDP Act, Section 9, the Company shall not undertake tracking, behavioural monitoring, or targeted advertising directed at children, nor process children’s Personal Data in a manner likely to cause detrimental effect on their well-being. Age-gating controls are enforced at the registration layer.
2.4 Jurisdictional eligibility. You may not access the Platform if you are located in, ordinarily resident in, or a national of a jurisdiction subject to comprehensive sanctions administered by the UN Security Council, the European Union, the United Kingdom (OFSI), or the United States (OFAC SDN list), or if you are otherwise prohibited from receiving the Platform Services under Applicable Law.
2.5 Verification. The Company may, at any time, require identity, age, address, or credential verification (including KYC under the PMLA and RBI Master Directions where applicable). Refusal or failure to complete verification may result in denial, suspension, or termination of access.
3.1 Registration. You create an Account using a valid mobile number verified through OTP. You agree to provide accurate, current, and complete information and to update it promptly when it changes.
3.2 Credentials. You are responsible for safeguarding your credentials, device, SIM, and authentication factors. You must enable multi-factor authentication (MFA) where offered and must not share OTPs, PINs, biometric unlocks, or session tokens with any third party, including persons claiming to represent the Company, banks, or law-enforcement agencies.
3.3 Activity attribution. All activity under your Account is presumed to be undertaken by you. You must notify the Company immediately at security@heibuddy.ai of any suspected unauthorised access, SIM-swap, device loss, or Account compromise. Your liability for unauthorised transactions is governed by RBI’s Customer Protection — Limiting Liability of Customers framework to the extent applicable, and by equivalent rules in other jurisdictions.
3.4 Session and device binding. The Platform may bind sessions to a specific device, SIM, geolocation, or behavioural profile for fraud-prevention, may prompt for step-up authentication for high-risk actions, and may terminate sessions that exhibit anomalies.
3.5 One Account per person. Creating multiple Accounts to circumvent rate limits, abuse promotions, evade suspension, or engage in referral fraud is prohibited.
4.1 Technology intermediary. The Platform operates as an intermediary under Section 2(1)(w) and avails of the safe-harbour protection under Section 79 of the Information Technology Act, 2000 read with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules 2021”), subject to the Company’s compliance with applicable due-diligence obligations.
4.2 No agency or endorsement. Unless explicitly stated in a separate written agreement, the Company acts only as a technology orchestration layer. It does not: (a) manufacture, prepare, sell, or deliver Merchant goods; (b) drive, pilot, or transport passengers or cargo; (c) provide medical advice, diagnosis, treatment, or pharmaceutical products; (d) act as a financial institution, payment system operator, money transmitter, or regulated deposit-taking entity, except to the extent it holds, or its counterparties hold, the requisite authorisations; or (e) create any fiduciary, agency, employment, partnership, joint-venture, or advisory relationship between the Company and any User, Partner, Merchant, or Delivery Partner.
4.3 No warranty of third-party services. Merchants, Delivery Partners, medical professionals, and other Service Providers are independent third parties. The Company does not warrant their conduct, skill, punctuality, quality, legality, or suitability, except where Applicable Law imposes such an obligation that cannot be contractually disclaimed.
4.4 Deemed-supplier rules. Where Applicable Law (e.g., the EU VAT e-commerce rules, marketplace-collection obligations under the Indian GST regime, or the US state marketplace-facilitator statutes) treats the Company as a deemed supplier or tax collector for specific transactions, the Company will comply with those obligations solely for the purposes specified by that law and without altering the intermediary nature of the Platform for any other purpose.
These service-specific sections supplement the main Terms. In the event of conflict between a service-specific section and the general Terms in relation to the specific Service, the service-specific section prevails for that Service.
(a) Merchants are solely responsible for compliance with the Food Safety and Standards Act, 2006, FSSAI regulations, allergen labelling, hygiene, expiry, temperature-integrity, and the Legal Metrology Act, 2009. The Platform surfaces Merchant-supplied information “as provided”.
(b) Allergy, dietary, or contamination claims are Merchant warranties. Users with allergies must independently verify with the Merchant before consumption.
(c) Delivery estimates are forecasts, not guarantees.
(a) Mobility services are provided through aggregators and drivers operating under the Motor Vehicles Act, 1988 and the Motor Vehicle Aggregator Guidelines, 2020/2025 (as amended), and equivalent state/local regulations.
(b) The Company verifies driver and vehicle credentials on a best-effort basis using aggregator attestations; the Company is not the transport provider and does not warrant driver conduct.
(c) Surge pricing, cancellation fees, and route selection follow the aggregator’s own policies, which will be displayed before confirmation.
(d) Seat-belt, helmet, and child-safety-seat compliance is the responsibility of the rider and driver.
(a) Teleconsultations are facilitated in accordance with the Telemedicine Practice Guidelines, 2020 issued by the Board of Governors in supersession of the Medical Council of India, read with the National Medical Commission Act, 2019.
(b) Registered Medical Practitioners (RMPs) are independently registered with their respective State Medical Councils; the Company surfaces RMP registration numbers but does not itself practise medicine.
(c) No emergency use. The teleconsultation feature is not intended for medical emergencies. In an emergency, dial 112 (India), 911 (US), 999 (UK), 112 (EU), or your local emergency number, or use the in-App Ambulance feature.
(d) Prescriptions for Schedule H, H1, and X drugs are issued only where the RMP is satisfied of clinical appropriateness and in conformity with the Drugs and Cosmetics Rules.
(e) Health data is processed as Sensitive Personal Data / special-category data under DPDP, GDPR, HIPAA (where a Business Associate Agreement applies), and other Applicable Law, and is subject to the additional safeguards set out in the Privacy Policy.
(a) Dispensing is performed by licensed pharmacies under the Pharmacy Act, 1948 and the Drugs and Cosmetics Act, 1940 and Rules thereunder.
(b) Scheduled medicines require a valid prescription uploaded by the User or issued by an RMP via the Platform.
(c) Narcotic and psychotropic substances covered under the NDPS Act are not dispensed through the Platform.
(a) The Platform surfaces third-party ambulance providers; actual dispatch, triage, and clinical intervention are the responsibility of the provider.
(b) Users are strongly encouraged, in life-threatening emergencies, to dial local emergency numbers first (e.g., 112 in India) and use the App feature in parallel.
(a) Payments are processed through licensed payment aggregators (including Cashfree Payments India Pvt. Ltd. or such other RBI-authorised payment aggregator as notified in-App), acting under the RBI Guidelines on Regulation of Payment Aggregators and Payment Gateways.
(b) Card tokenisation. In compliance with the RBI Card-on-File (CoF) Tokenisation Framework, card data is tokenised at the network/issuer layer. The Company does not store Primary Account Numbers (PAN), CVV, or full card details on its servers or devices.
(c) PCI-DSS. Payment components are maintained in line with PCI-DSS v4.0. Cardholder-data environment (CDE) is scope-minimised via tokenisation and outsourcing to PCI-compliant providers.
(d) Strong Customer Authentication (SCA). For transactions in scope of PSD2/PSD3 (EEA/UK), SCA will be enforced per the applicable Regulatory Technical Standards.
(e) Unauthorised transactions. You must report unauthorised transactions within the timelines prescribed by the RBI Customer Liability Framework (or the equivalent local rule) to preserve limited-liability protections.
(f) AML/KYC. The Company and its counterparties comply with the Prevention of Money Laundering Act, 2002, RBI KYC Master Direction, FATF Recommendations, and applicable sanctions regimes (OFAC/EU/UN/UK OFSI). The Company may freeze, hold, or reverse transactions, report suspicious activity to FIU-IND or an equivalent authority, or request additional documentation to discharge these obligations.
The Platform may surface information about, or facilitate applications to, government schemes and services. Such facilitation does not constitute a representation that any application will succeed, nor does it create any liability on the Company for the decision, timeline, or conduct of the relevant authority.
The Platform includes AI Features powered by in-house models and third-party providers (currently Google Cloud for speech-to-text and OpenAI for natural-language understanding/generation; the list may change — see the Privacy Policy for the current sub-processor register).
In accordance with the EU AI Act (Regulation (EU) 2024/1689), the NIST AI Risk Management Framework, and emerging Indian AI governance guidance, we:
(a) disclose the use of AI in the relevant interface;
(b) label AI-generated content where required under Article 50 of the EU AI Act;
(c) restrict AI from making legally or similarly significant decisions about you without meaningful human review (see Section 6.4); and
(d) monitor for bias, hallucination, toxicity, and misuse on a continuous basis.
(a) Separate, explicit, granular, revocable consent is required before:
(i) voice audio is transmitted to a speech-to-text provider;
(ii) text prompts are transmitted to an LLM provider; or
(iii) any voiceprint or voice-biometric template is generated.
(b) Voice biometrics (where used for authentication, fraud-detection, or personalisation) are collected only with your written informed consent as contemplated by the Illinois Biometric Information Privacy Act (BIPA), Article 9 of the GDPR/UK GDPR, Section 9 of the DPDP Act for sensitive data, and equivalent laws. A separate Biometric Data Retention and Destruction Schedule is published within the App; voice biometric templates are destroyed no later than the earlier of (x) the period specified in that Schedule, (y) three (3) years after last interaction, or (z) promptly upon consent revocation or Account deletion, except where longer retention is required by law.
(c) The Company does not sell, lease, trade, or otherwise profit from your Biometric Data.
(a) Where we share data with AI sub-processors, we do so under data-processing agreements containing confidentiality, security, and model-training restrictions.
(b) As at the Last Updated date, our enterprise AI sub-processors contractually commit that API-submitted data is not used to train their foundation models. We monitor these commitments but do not control unilateral changes by providers. We will update the Privacy Policy and sub-processor register if material changes occur; continued use of the AI Features after such update constitutes acceptance of the revised position, subject to your right to revoke consent under Section 6.5.
(c) International transfers to AI providers are effected under Standard Contractual Clauses (SCCs), UK IDTA, or other lawful transfer mechanisms — see Section 12.
Consistent with GDPR Article 22, equivalent DPDP and CPRA provisions, and our Responsible AI principles, no legally or similarly significant decision about you (including financial approvals, account restrictions, significant refunds, healthcare decisions, or law-enforcement referrals) will be taken solely on the basis of automated processing. You have the right to request human review, to contest the decision, and to express your point of view.
You may revoke AI-processing consent at any time in Settings → Privacy → AI & Voice. Revocation disables AI Features prospectively and triggers deletion of voice biometric templates and transient AI data within 30 days, subject to lawful retention obligations. Revocation does not affect the lawfulness of processing before revocation.
You must not use AI Features to: (a) generate content that infringes intellectual-property, publicity, or privacy rights; (b) produce defamatory, unlawful, harassing, child-sexual-exploitation, terrorism-related, or sanctions-evading content; (c) engineer, attempt, or conduct prompt injection, jailbreaking, model extraction, training-data extraction, or adversarial manipulation of the AI models; (d) circumvent content-safety, rate-limit, or eligibility guardrails; or (e) impersonate any real person or legal entity without lawful authority.
AI outputs may contain errors, hallucinations, or omissions. You are responsible for exercising independent judgement before relying on any AI output, particularly in medical, legal, financial, safety, or professional contexts.
7.1 Pricing. Prices, taxes, delivery charges, service fees, surge multipliers, platform fees (e.g., ₹2 facilitation fee, as displayed), and any other charges are shown before order confirmation. By confirming, you authorise the Company and/or its payment aggregator to charge the selected payment instrument for the total amount.
7.2 Taxes. Applicable GST, VAT, sales tax, or equivalent indirect tax is shown separately and remitted in accordance with Applicable Law. Where the Company acts as a deemed supplier or marketplace facilitator, such taxes may be collected and remitted by the Company.
7.3 Currency. Prices are in Indian Rupees (INR) unless otherwise displayed. Foreign-currency conversions are performed at the payment-network or banking rate and may include a conversion margin.
7.4 No guarantee of price continuity. The Company reserves the right to modify pricing, fees, and promotional credits prospectively. Price changes will not apply retroactively to confirmed orders, except to correct bona fide errors (see 7.6).
7.5 Refunds and cancellations. Governed by the separate Refund & Cancellation Policy, which forms part of these Terms. For Consumers in the EEA, UK, and certain other jurisdictions, statutory rights of withdrawal (see Schedule B) apply in addition.
7.6 Pricing errors. If a product or service is listed at an incorrect price due to typographical, technical, or supplier error, the Company may cancel affected orders and refund the amounts paid. The Company is not obliged to honour the erroneous price.
7.7 Wallet balance. Any prepaid wallet balance is held in accordance with the RBI Master Direction on Prepaid Payment Instruments. Unused balances are refundable per the Refund Policy and RBI rules; they do not accrue interest.
7.8 Chargebacks. Unjustified chargebacks may result in Account suspension, recovery proceedings, and reporting to card networks or credit bureaus where permitted by law.
In addition to conduct prohibited by Applicable Law, you must not:
8.1 place fraudulent, fake, or malicious orders or bookings;
8.2 submit false, misleading, or deceptive information, including fake reviews or ratings;
8.3 harass, abuse, threaten, stalk, dox, or defame any person (including Delivery Partners, Merchants, RMPs, or other Users);
8.4 scrape, crawl, harvest, mirror, or systematically extract data from the Platform, except through officially documented APIs under a written agreement;
8.5 reverse-engineer, decompile, disassemble, or attempt to derive source code from the Platform, except to the limited extent permitted by statute notwithstanding contractual restriction;
8.6 introduce malware, trojans, worms, logic bombs, or other harmful code;
8.7 conduct penetration testing, vulnerability scanning, fuzzing, or security research against the Platform without prior written authorisation under the Company’s Responsible Disclosure Policy;
8.8 interfere with, disable, or overload the Platform, its APIs, rate limits, authentication, or abuse-prevention controls;
8.9 use the Platform in violation of export controls, sanctions, anti-money-laundering, anti-corruption (FCPA, UK Bribery Act, Indian Prevention of Corruption Act), or anti-terrorism laws;
8.10 upload content that infringes IP, privacy, publicity, or confidentiality rights, or that constitutes child sexual abuse material (CSAM), non-consensual intimate imagery, or revenge pornography — such content will be reported to authorities;
8.11 circumvent geofencing, jurisdictional controls, or age-gating mechanisms; or
8.12 use the Platform to send unsolicited commercial communications, SPAM, or deceptive messaging in violation of TRAI TCCCPR, CAN-SPAM, GDPR/ePrivacy, or equivalent laws.
The Company may remove content, suspend features, terminate Accounts, cooperate with law enforcement, and pursue civil and criminal remedies for violations. The Company is a reporting entity for certain obligations (e.g., CERT-In 6-hour incident reporting, FIU-IND STR reporting).
9.1 Ownership. All rights, title, and interest in the Platform — including software, code, user-interface elements, trademarks (HeiBuddy, HeiBuddyAI, and associated logos), designs, content, databases, and AI models — are owned by, or licensed to, Yugasys.
9.2 Limited licence to you. Subject to your compliance with these Terms, we grant you a limited, revocable, non-exclusive, non-transferable, non-sub-licensable licence to access and use the Platform for your personal, non-commercial use (or, for Partners, as specified in your Partner Agreement).
9.3 User Content licence to the Company. You retain ownership of the Content you submit. You grant the Company a worldwide, royalty-free, sub-licensable, transferable licence to host, reproduce, distribute, adapt, translate, display, and use such Content for the purposes of operating, improving, and promoting the Platform, except where such use would be inconsistent with your privacy rights, biometric-data restrictions, or other mandatory law. This licence survives termination solely to the extent necessary for backups, legal compliance, and aggregated/anonymised analytics.
9.4 Feedback. Any suggestion, feature request, or feedback you provide may be used by the Company without obligation to you, on a non-confidential basis.
9.5 DMCA / IP infringement notices. Notices of claimed infringement should be sent to ip@heibuddy.ai with the information required under Section 512 of the US DMCA, Rule 3(2)(b) of the IT Rules 2021, or equivalent local procedure.
10.1 The Platform may include links to, or integrations with, third-party services (e.g., maps, payment aggregators, AI models, airlines, insurers, government portals). Those services are governed by the third party’s own terms and privacy policies.
10.2 We do not endorse, warrant, or control third-party services, and we are not liable for their acts or omissions, except to the extent a non-waivable statutory duty applies.
11.1 Privacy Policy. Our collection, use, storage, sharing, and processing of Personal Data is governed by the HeiBuddy Privacy Policy, which is incorporated by reference into these Terms.
11.2 Data Subject / Data Principal Rights. Subject to verification, you may exercise the following rights, as applicable in your jurisdiction: (a) access, correction, and erasure (DPDP, GDPR, UK GDPR, LGPD, CPRA, VCDPA, etc.); (b) portability (GDPR, UK GDPR, LGPD, CPRA); (c) objection and restriction of processing (GDPR, UK GDPR); (d) opt-out of sale, share, or targeted advertising (CPRA, VCDPA, CPA, etc.); (e) nomination of another person to exercise rights in the event of death or incapacity (DPDP); (f) grievance redressal (DPDP); (g) withdraw consent at any time, without affecting prior lawful processing.
11.3 Automated decision-making. See Section 6.4 and Schedule A for the GDPR/UK GDPR Article 22 equivalent protections.
11.4 Data-protection contact. To exercise rights or raise queries, contact dpo@heibuddy.ai. For India, also see the Grievance Officer details in Section 20.
12.1 Some Platform functions (including AI sub-processors and certain analytics tools) involve transfer of Personal Data outside your country of residence. We rely on one or more of the following lawful mechanisms: (a) Standard Contractual Clauses (SCCs) approved by the European Commission; (b) UK International Data Transfer Agreement (IDTA) or UK Addendum; (c) APEC Cross-Border Privacy Rules (CBPR) certification, where relevant; (d) Binding Corporate Rules (BCRs) for intra-group transfers; (e) DPDP Act Section 16 — transfers limited to countries not restricted by the Central Government; (f) Transfer Impact Assessments (TIAs) consistent with Schrems II jurisprudence.
12.2 Data localisation. In line with RBI’s Storage of Payment System Data Directive, payment-system data relating to Indian customers is stored within India. Copies may be temporarily transmitted abroad for transaction processing, subject to recall to India within the prescribed timelines.
12.3 Configurable data residency. For Partner and enterprise tenants, data-residency controls are available in the Partner Dashboard.
13.1 Consent is captured in a granular, purpose-specific, timestamped, withdrawable, and auditable manner through the Consent Management Platform (CMP) embedded in the App.
13.2 Where processing is based on a legal basis other than consent (e.g., contractual necessity, legal obligation, vital interests, legitimate interests under GDPR/UK GDPR), this will be disclosed in the Privacy Policy and in the applicable notice.
13.3 Withdrawal of consent may disable dependent features but will not affect the lawfulness of prior processing.
Nothing in these Terms is intended to, and nothing shall, exclude, restrict, or modify any non-waivable statutory right that you have as a Consumer under Applicable Law, including rights under:
(a) the Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020 (India);
(b) the EU Consumer Rights Directive (2011/83/EU) and the EU Unfair Contract Terms Directive (93/13/EEC);
(c) the UK Consumer Rights Act 2015;
(d) the California Consumers Legal Remedies Act, the Song-Beverly Consumer Warranty Act, and other US state consumer-protection laws; and
(e) equivalent laws in your jurisdiction.
Where any provision of these Terms would otherwise be unenforceable against a Consumer under such law, that provision is read down to the minimum extent necessary to preserve enforceability, without affecting the remaining Terms.
15.1 As-is / as-available. To the maximum extent permitted by Applicable Law, the Platform is provided “AS-IS” and “AS-AVAILABLE”, without warranties of any kind, express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, uninterrupted access, or freedom from harmful components.
15.2 No professional advice. The Platform does not provide medical, legal, tax, investment, or other professional advice. Teleconsultations are with independent RMPs; Users must rely on their own judgement and professional consultation.
15.3 Third-party conduct. The Company disclaims liability for acts or omissions of Merchants, Delivery Partners, RMPs, payment aggregators, and other third parties, except to the extent mandatory law provides otherwise.
15.4 AI output. AI-generated responses may be inaccurate. See Section 6.7.
15.5 Statutory carve-outs. Nothing in this Section 15 excludes liability for (a) death or personal injury caused by the Company’s negligence, (b) fraud or fraudulent misrepresentation, (c) any other liability that cannot be excluded under Applicable Law.
16.1 Exclusion of certain damages. To the maximum extent permitted by Applicable Law, the Company, its affiliates, officers, directors, employees, contractors, and licensors shall not be liable for any (a) indirect, incidental, special, consequential, exemplary, or punitive damages; (b) loss of profits, revenue, goodwill, data, business, or opportunity; or (c) losses arising from third-party acts, even if advised of the possibility of such damages.
16.2 Aggregate cap. To the maximum extent permitted by Applicable Law, the Company’s total aggregate liability to you arising out of or relating to these Terms or the Platform, whether in contract, tort (including negligence), statute, or otherwise, shall not exceed the greater of (a) the total fees paid by you to the Company (excluding amounts passed through to Merchants or Delivery Partners) in the six (6) months preceding the event giving rise to the claim, or (b) INR 10,000 (or the local-currency equivalent).
16.3 Carve-outs. The limitations in 16.1 and 16.2 do not apply to (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) wilful misconduct; (d) gross negligence (where non-waivable); (e) liability that cannot be limited or excluded under Applicable Law.
16.4 Time bar. Any claim must be brought within one (1) year of the event giving rise to the claim, except where Applicable Law prescribes a longer non-waivable period.
16.5 Basis of the bargain. You acknowledge that the fee structure of the Platform reflects the allocation of risk in this Section 16, and that the Company would not offer the Platform without such allocation.
17.1 You shall indemnify, defend, and hold harmless the Company, its affiliates, and their respective officers, directors, employees, contractors, and agents from and against any and all third-party claims, demands, proceedings, losses, damages, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:
(a) your breach of these Terms, the Privacy Policy, or any referenced policy;
(b) your violation of Applicable Law;
(c) your infringement of any third-party right (including IP, privacy, publicity, or contract);
(d) your Content, including any AI input or output that you generate, publish, or transmit;
(e) your use of the Platform to commit fraud, abuse, or a cyber offence;
(f) any claim by a tax authority relating to your tax obligations; and
(g) any misuse of another User’s Account where caused by your act or omission.
17.2 The Company may, at its option, assume exclusive defence and control of any matter subject to indemnification, in which case you shall cooperate fully. You shall not settle any matter involving the Company without prior written consent.
17.3 This Section 17 survives termination of these Terms.
18.1 By you. You may close your Account at any time through the App, subject to completion of pending transactions and statutory retention obligations.
18.2 By the Company. The Company may suspend or terminate your access, in whole or in part, with or without prior notice, where: (a) you breach these Terms or Applicable Law; (b) continued access poses a security, fraud, AML, sanctions, reputational, or compliance risk; (c) required by an order of a court, regulator, or other authority; (d) a feature is discontinued in whole or in the relevant jurisdiction; (e) your verification or KYC is incomplete or revoked.
18.3 Effects of termination. (a) Your licence to use the Platform ceases. (b) Pending transactions may be settled, reversed, or held subject to law. (c) Wallet balances will be refunded per the Refund Policy and RBI rules. (d) Personal Data will be retained or deleted per the Privacy Policy and statutory retention schedules (including CERT-In 180-day log retention and AML five-year retention).
18.4 Surviving sections. Sections 1 (Definitions), 9 (IP), 11 (Privacy), 14 (Consumer Rights), 15 (Disclaimers), 16 (Limitation), 17 (Indemnification), 19 (Compliance), 21 (Dispute Resolution), 23 (Miscellaneous), and any provision that by its nature should survive, shall survive termination.
The Platform is designed with reference to, among other frameworks:
You are responsible for your own compliance obligations, including tax, import, and professional-licensing obligations where applicable.
In compliance with Rule 3(2), Rule 4(1)(c), and Rule 4(2) of the IT Rules 2021, and the DPDP Act 2023:
Grievance Officer
Nodal Contact Person / Chief Compliance Officer / Resident Grievance Officer (Where applicable to the Company as a Significant Social Media Intermediary or a Data Fiduciary of notified scale.)
Data Protection Officer (DPO) (for GDPR/UK GDPR/LGPD etc.)
Information/Data Breaches (CERT-In 6-hour reporting, GDPR 72-hour)
21.1 Governing law. These Terms are governed by and construed in accordance with the laws of India, without regard to its conflict-of-laws principles. For Consumers resident in the EEA or UK, mandatory consumer-protection laws of your place of habitual residence apply in addition.
21.2 Good-faith resolution. Before initiating formal proceedings, you agree to notify the Company in writing (legal@heibuddy.ai), describing the dispute and proposed resolution. The parties will attempt to resolve the matter in good faith within thirty (30) days.
21.3 Binding arbitration. If not resolved, any dispute, controversy, or claim arising out of or relating to these Terms or the Platform shall be finally resolved by binding arbitration under the Arbitration and Conciliation Act, 1996 (as amended), by a sole arbitrator appointed by mutual agreement or, failing agreement, in accordance with the Act.
21.4 Seat, venue, and language. The seat and venue of arbitration shall be Bengaluru, Karnataka, India. The language of arbitration shall be English. The award shall be final and binding.
21.5 Jurisdiction of courts. Subject to Section 21.3, the courts of Bengaluru, Karnataka, India shall have exclusive jurisdiction over any proceedings in aid of or supervision of the arbitration, interim relief, or matters not capable of arbitration.
21.6 Class-action and representative waiver. To the maximum extent permitted by Applicable Law, disputes must be brought in your individual capacity and not as part of a class, collective, representative, or consolidated action. If this Section 21.6 is held unenforceable in whole or in part, the unenforceable portion shall be severed and the remaining arbitration provisions shall continue to apply.
21.7 Consumer carve-outs. Where mandatory consumer law (including under EU, UK, or specific US state law) grants a Consumer the right to pursue small-claims proceedings or to opt out of arbitration or class-waiver, that right is preserved.
Neither party shall be liable for any failure or delay in performance (other than payment obligations) caused by events beyond its reasonable control, including acts of God, natural disasters, pandemics, epidemics, war, armed conflict, terrorism, civil unrest, strikes, labour disputes, governmental or regulatory action, internet or telecommunications outages, power failures, cyber incidents, denial-of-service attacks, third-party-provider failures, or inability to obtain supplies.
If a force-majeure event continues for more than sixty (60) days, either party may terminate the affected portion of the Services without liability, subject to refund of prepaid amounts for unrendered services.
23.1 Entire agreement. These Terms, together with the Privacy Policy, Refund & Cancellation Policy, AI & Voice Biometrics Notice, and any Partner or service-specific agreement, constitute the entire agreement between you and the Company regarding the subject matter and supersede all prior understandings.
23.2 Severability. If any provision is held invalid or unenforceable, the remaining provisions continue in full force, and the invalid provision shall be reformed to the minimum extent necessary to render it enforceable while preserving its intent.
23.3 No waiver. Failure or delay in enforcing any provision does not constitute waiver. Waivers are effective only in writing signed by an authorised representative of the Company.
23.4 Assignment. You may not assign these Terms without our written consent. We may assign, novate, or transfer these Terms to an affiliate or successor (including in connection with a merger, acquisition, or reorganisation), with notice.
23.5 Electronic communications and signatures. You consent to receive communications electronically under the Information Technology Act, 2000, eIDAS Regulation (EU) 910/2014, E-SIGN Act (US), and equivalent laws. Electronic records and signatures satisfy any legal requirement for writing and signature.
23.6 Notices. Notices to you may be sent via in-App message, email, or SMS to the registered contact on your Account. Notices to the Company must be sent to legal@heibuddy.ai with a copy to the registered office.
23.7 No third-party beneficiaries. Except for affiliated indemnified parties under Section 17 and insurers and payment aggregators where expressly stated, no third party has rights under these Terms.
23.8 Export controls and sanctions. You represent that you are not (a) located in a sanctioned country, (b) listed on any sanctions or denied-party list, or (c) acting on behalf of any such person.
23.9 Language. These Terms are drafted in English. Translations are for convenience; the English version prevails in case of conflict, except where Applicable Law mandates otherwise (e.g., certain EU Member-State consumer-protection rules).
23.10 Headings and interpretation. Headings are for convenience only. “Including” means “including without limitation”. References to statutes include amendments and subordinate legislation.
23.11 Relationship. Nothing in these Terms creates an agency, partnership, joint venture, fiduciary, or employment relationship.
23.12 Modifications. We may modify these Terms prospectively. Material changes will be notified via in-App notice, email, or both, at least fifteen (15) days before the change takes effect, except where a shorter period is required by law, regulator, security, or fraud-prevention reasons. Continued use after the effective date constitutes acceptance.
A.1 Data Controller. Yugasys Software Private Limited acts as the Controller for Personal Data collected in connection with your use of the Platform. The EU/UK Representative details (where the thresholds for Article 27 GDPR / Article 27 UK GDPR are met) are published in the Privacy Policy.
A.2 Legal bases. We rely on contractual necessity, consent, legal obligation, vital interests, and legitimate interests, as specified per processing activity in the Privacy Policy.
A.3 Your GDPR/UK GDPR rights. Access, rectification, erasure, restriction, objection, portability, withdraw consent, lodge complaint with a supervisory authority (e.g., your national DPA; ICO in the UK).
A.4 Automated decisions (Art. 22). See Section 6.4.
A.5 Right of withdrawal (consumer distance contracts). Where you are a Consumer, you have a 14-day right to withdraw from certain distance contracts under the Consumer Rights Directive and UK equivalent, except for (a) perishable goods; (b) sealed pharmaceutical or hygiene products unsealed after delivery; (c) services fully performed with your prior express consent within 14 days; (d) passenger transport contracts; (e) accommodation/catering/leisure contracts for a specific date — all of which are excluded per Article 16 of the Consumer Rights Directive.
A.6 DSA transparency. Where the Digital Services Act applies, statement of reasons, illegal-content notice-and-action mechanisms, and trusted-flagger processes are disclosed in-App under “Platform Transparency”.
A.7 EU AI Act. Disclosures and opt-outs as described in Section 6.
B.1 International data transfers to non-adequate jurisdictions use the UK IDTA or UK Addendum to the EU SCCs.
B.2 You may complain to the Information Commissioner’s Office (ICO).
B.3 The Consumer Rights Act 2015 applies to Consumer transactions.
C.1 CCPA/CPRA, VCDPA, CPA, CTDPA, etc. You have rights to know, access, delete, correct, opt out of sale/share, and limit use of sensitive Personal Data, as described in the Privacy Policy.
C.2 Universal Opt-Out. We honour the Global Privacy Control (GPC) signal where legally required.
C.3 COPPA. The Platform is not directed to children under 13. We do not knowingly collect Personal Data from children under 13 without verifiable parental consent.
C.4 BIPA (Illinois) and CUBI (Texas). See Section 6.2 and the Biometric Data Retention Schedule.
C.5 TCPA / CAN-SPAM. You may opt out of marketing communications at any time. Transactional messages remain enabled.
C.6 State arbitration carve-outs. Where a US state law grants a non-waivable right to pursue small claims, that right is preserved under Section 21.7.
C.7 Do Not Call / Do Not Sell My Personal Information / Limit the Use of My Sensitive Personal Information. Links and in-App toggles are provided.
D.1 Verifiable parental consent required per DPDP Act, COPPA, GDPR Art. 8, UK Age Appropriate Design Code, California AADC.
D.2 Children’s data is not used for targeted advertising, behavioural profiling, or tracking.
D.3 Additional safeguards per Section 2.
E.1 Consumer Protection (E-Commerce) Rules 2020. Country of origin, return/refund, grievance timelines, and authorised representative details as displayed in-App.
E.2 RBI Data Localisation. As set out in Section 12.2.
E.3 CERT-In. Incident reporting within 6 hours; 180-day log retention; synchronised NTP clocks.
E.4 DPDP Act. Consent Manager integration (once operationalised), Data Principal rights, Grievance Officer as in Section 20.
(Additional Schedules for Middle East, Africa, LATAM, and APAC jurisdictions apply pro rata to Users in those jurisdictions and are published in the Privacy Policy and regional addenda.)
Material changes will be communicated via: (a) in-App notification, (b) email to your registered email address, and (c) updated “Last Updated” date above, at least fifteen (15) days before the effective date, except where a shorter period is required by law, regulator, security, or fraud-prevention reasons.
Yugasys Software Private Limited
Registered Office: NO. 558, 9TH CROSS, J P NAGAR 3RD PHASE, BENGALURU, Karnataka, India - 560078, Bengaluru, Karnataka, India
CIN: U72900KA2019PTC125835
GSTIN: 29AABCY1448A1ZJ
Acknowledgement. By continuing to use the Platform after the Effective Date, you confirm your agreement to these Terms and the policies referenced herein.
Document control: T&C v2.0 | Owner: HeiBuddy Legal & Compliance | Reviewer: DPO, CISO, Head of Product | Next review: 3 months from Effective Date or upon material regulatory change.